Security News
Midsize companies often lack the staff, expertise and expensive tools needed to defend themselves against attack, says security provider Coro. To generate its new report, named "The Great Cyber Security Market Failure and the Tragic Implications for Mid-Sized Companies," Coro analyzed information on more than 4,000 midsize companies across six industries: retail, manufacturing, professional services, healthcare, transportation and education.
Brittany Ferries has told some customers that an unforeseen technical glitch introduced after "routine" website maintenance had left their accounts wide open, potentially exposing very sensitive details to anyone who knew the linked email address. The operator, which runs ships from the UK to ports in Spain and France, contacted punters on Tuesday with the bad news about a "breach to our data that might have an impact on your My Account with Brittany Ferries."
A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years. LightBasin has been active since at least 2016 and targets Linux and Solaris servers in particular, although it did interact with Windows systems where needed, in its mission to steal subscriber information and call metadata.
Australia's Minister for Home Affairs has announced the "Australian Government's Ransomware Action Plan," which is a set of new measures the country will adopt in an attempt to tackle the rising threat. Ransomware is a global problem, and Australian businesses aren't excluded from costly service-disrupting attacks.
Egnyte's latest report, based on a survey of 400 IT executives, examines the challenges of securing and governing unstructured content in today's hybrid and remote work environments. A key finding of the research is that unchecked data growth, combined with a lack of visibility, is increasing the risk of breaches, ransomware, and compliance violations dramatically.
Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools, and more! Offensive Security has released Kali Linux 2021.3, the latest version of its popular open source penetration testing platform.
Third-party cloud providers: Expanding the attack surface. In this interview with Help Net Security, Fred Kneip, CEO at CyberGRX, talks about the lack of visibility into third-party risk, how to address this issue, and what companies should consider when choosing the right cloud provider.
46% of all on-prem databases globally are vulnerable to attack, according to research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities.
The US Cybersecurity and Infrastructure Security Agency has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. "All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems."
Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra, who previously deployed wiper malware on the networks of multiple Syrian organizations. "The attacks on Iran were found to be tactically and technically similar to previous activity against multiple private companies in Syria which was carried at least since 2019," Check Point Research analysts who made the connection said.
While it is paramount that the IT department and the security teams are strong partners in protecting the company, the best practice is to have a separation of duties to ensure the group delivering the IT services is not also responsible for monitoring and managing the security risk. Examining the security posture of every system to understand what is being used and where the risks reside, and having a mitigation plan to protect employee, company and customer data is critical.